Data Sovereignty & Security

Your client data stays in Australia.

Tendio is built on Australian cloud infrastructure and processes all client data within Australia. This is not optional for us. It is a design requirement driven by the Privacy Act 1988 and the nature of the data aged care and home care providers entrust to their systems.

Quick reference

For your procurement team

Data storage location Australia (Microsoft Azure, Australia East region)
AI processing location Australia (Amazon Web Services, ap-southeast-2 Sydney)
Offshore data transfer No. Client records and care data are not transferred outside Australia.
Applicable law Privacy Act 1988 (Cth), Australian Privacy Principles
Encryption In transit (TLS) and at rest. Audio recordings are not stored.
Data retention on termination Client data is purged within 90 days of contract end. Full export available on request.
Infrastructure

Where your data lives

Database and application hosting

Microsoft Azure

Australia East region

All client records, service data, billing information, and operational logs are stored in Microsoft Azure's Australia East data centre. Data does not leave this region.

AI processing

Amazon Web Services

Asia Pacific (Sydney) ap-southeast-2

All AI processing runs through AWS Bedrock in the Sydney region. Client data sent to the AI model does not leave Australia. This is a deliberate architectural choice, not a default setting.

SMS and voice communications

Communications provider

United States (communications only)

Outbound SMS and voice call routing uses a US-based communications provider. Message content is transient. No client records, care data, or personal information are stored with this provider.

Data handling

What Tendio stores and what it does not

What we store
  • Structured client and service records imported from your systems
  • Workflow run results and summaries in structured form
  • Call transcripts and structured call records (text only)
  • Billing reconciliation outputs and gap reports
  • User accounts and access logs for the Hub and Admin portals
  • Agent run logs for auditing and cost tracking
What we do not store
  • Audio recordings of any kind
  • Raw document content beyond the processing window
  • Message content in AI run logs (structured summaries only)
  • Any data not required for the operation of a deployed solution
  • Client data from terminated engagements beyond the 90-day retention period

Tendio acts as a data processor. Your organisation remains the data controller. Our Master Services Agreement sets out the data handling obligations for both parties, including your obligations under the Privacy Act 1988 when deploying AI-assisted services to clients.

Sub-processors

Third-party services Tendio uses

Provider Purpose Data location
Microsoft Azure Application hosting, database, infrastructure Australia East
Amazon Web Services AI model processing via AWS Bedrock Sydney (ap-southeast-2)
Communications provider Outbound SMS and voice call routing United States (transient comms only)

Sub-processors are reviewed when new solutions are added. Clients are notified of any material changes to this list under the terms of the Master Services Agreement.

Legal framework

How Tendio handles your obligations

Aged care and home care providers in Australia operate under the Privacy Act 1988 (Cth) and are bound by the Australian Privacy Principles. APP 8 specifically governs cross-border disclosure of personal information. Tendio's infrastructure is designed so that client records and care data are not disclosed to overseas recipients, keeping you on the right side of APP 8 by default.

Our AI processing runs through AWS Bedrock in the Sydney region, which means the data you send to the AI model is processed within Australia. This is materially different from using overseas AI services directly, where client data would be processed by servers in the United States or Europe.

The one area to note is communications. Outbound SMS and voice routing uses a US-based third-party provider. The content of these communications is transient and not stored by Tendio. Your privacy policy and client communications should reflect that you use third-party services for automated messaging where relevant.

Our Master Services Agreement and Privacy Policy are available on request and set out the full data handling terms governing your engagement with Tendio.

Questions about our security posture?

We are happy to answer procurement questions, provide documentation, or walk through our data handling practices with your compliance team.

Email hello@tendio.com.au or book a discovery session